This is sent along with the contents of $unsafestring to replace the :db_condition_placeholder_0 token. Note that this isn't some lame string replacement, but an actual argument for the SQL statement.

This has some interesting implications for converting some code patterns in Drupal 6. Let's say that you want to select all rows from a table where a column matches the value of another, but the user can choose from one of three columns to match against. I've seen this sort of code used to get this sort of variable into a database string:

About the author

Steven has a wealth of experience building Drupal-based websites and tools associated with them. He is a maintainer of the Aegir project and has contributed to many other projects on Drupal.org. He is currently our infrastructure lead and is a lead architect on many of our projects.

He is a Master of Mathematics graduate from the University of Warwick and got involved in Drupal creating a website for the Maths society there.